Spotlight
SIM Swappers Try Bribing T-Mobile and Verizon Staff $300
Richi Jennings | | 2fa, 2FA bypass, 2FA Flaws, 2FA policies, 2FA/MFA, bypass 2FA, Industry Insider, Insider, Insider attack, Insider Attacks, insider breach, Insider Fraud, insider risk, malicious social engineering, MFA, MFA hacks, mfa login, MFA Methods, Multi-Factor Authentication, Multi-Factor Authentication (MFA), Multifactor Authentication, SB Blogwatch, SIM swap, sim swap fraud, SIM swap scams, SIM swapping, sms scam, SMS scams, SMS Spam, SMS Spamming, social engineeering, T-Mobile, t-mobile breach, t-mobile data breach, T-Mobile hack, two factor authentication, two-factor-authentication.2fa, verizon, verizon data breach, Verizon Wireless
Not OK: SMS 2FA — Widespread spam targets carrier employees, as scrotes try harder to evade two-factor authentication ...
Security Boulevard
Online Health Firm Cerebral to Pay $7 Million for Sharing Private Data
Cerebral, accused by the FTC of sharing sensitive information of over 3.2 million users with third parties, is now banned from using health info for advertising purposes ...
Security Boulevard
Roku: Credential Stuffing Attacks Affect 591,000 Accounts
Almost 600,000 Roku customers had their accounts hacked through two credential stuffing attacks several weeks apart, illustrating the ongoing risks to people who reuse passwords for multiple online accounts. The streaming service ...
Security Boulevard
Ex-Security Engineer Gets Three Years in Prison for $12 Million Crypto Hacks
Prosecutors noted the need for deterrence as the amount of money stolen in crypto exchange frauds piles up ...
Security Boulevard
Sisense Hacked: CISA Warns Customers at Risk
Richi Jennings | | Amazon Web Services (AWS), aws, AWS access keys, AWS bucket, cisa, CISA Advisories, CISA Advisory, CISA Alert, CISA warning, CISA.gov, depth, NSA/CISA, Sangram Dash, SB Blogwatch, Sisense
A hard-coded credential catastrophe: The analytics firm kept big companies’ secrets in an insecure AWS bucket. Government says victims include the “critical infrastructure sector.” ...
Security Boulevard
CISA: Russian Hackers Stole Emails Between U.S. Agencies and Microsoft
The U.S. cybersecurity agency in an emergency directive is ordering affected agencies to address risks stemming from the attack ...
Security Boulevard
Apple Warns of ‘Mercenary Spyware Attacks’ on iPhone Users
Apple reportedly is alerting iPhone users in 92 countries that they may have been the targets of attacks using “mercenary spyware,” a term that the company is now using in such alerts ...
Security Boulevard
Raspberry Robin Malware Now Using Windows Script Files to Spread
The threat actors behind Raspberry Robin are using highly sophisticated evasion techniques to stay under the radar of antivirus software ...
Security Boulevard
Watch This? Patch This! LG Fixes Smart TV Vulns
Richi Jennings | | BitDefender, bitdefender research, Consumer IoT, CVE-2023-6317, CVE-2023-6318, CVE-2023-6319, CVE-2023-6320, iot, LG, SB Blogwatch, Smart TV, Smart TV Security, Smart TV Vulnerability, Smart TVs, The ‘S’ in IoT stands for Security, TV, WebOS
4×CVE=RCE or Merely CE? Update your LG TV now, or let hackers root it. But is Bitdefender overhyping the issue? ...
Security Boulevard
FCC Mulls Rules to Protect Abuse Survivors from Stalking Through Cars
Jeffrey Burt | | automobile, automobiles, Car, connected car security, domestic abuse, fcc, government, MVNO, telematics
To protect domestic violence survivors from abusers, the FCC wants to include internet-connected vehicles under the Safe Communication Act ...
Security Boulevard